1 / 23

Cryptography and Network Security Chapter 11

Cryptography and Network Security Chapter 11. Fifth Edition by William Stallings Lecture slides by Lawrie Brown. Chapter 11 – Cryptographic Hash Functions.

chul
Download Presentation

Cryptography and Network Security Chapter 11

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptography and Network SecurityChapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown

  2. Chapter 11 – Cryptographic Hash Functions Each of the messages, like each one he had ever read of Stern's commands, began with a number and ended with a number or row of numbers. No efforts on the part of Mungo or any of his experts had been able to break Stern's code, nor was there any clue as to what the preliminary number and those ultimate numbers signified. —Talking to Strange Men, Ruth Rendell

  3. Hash Functions • condenses arbitrary message to fixed size h = H(M) • usually assume hash function is public • hash used to detect changes to message • want a cryptographic hash function • computationally infeasible to find data mapping to specific hash (one-way property) • computationally infeasible to find two data to same hash (collision-free property)

  4. Cryptographic Hash Function

  5. Hash Functions & Message Authent-ication

  6. Hash Functions & Digital Signatures

  7. Other Hash Function Uses • to create a one-way password file • store hash of password not actual password • for intrusion detection and virus detection • keep & check hash of files on system • pseudorandom function (PRF) or pseudorandom number generator (PRNG)

  8. Two Simple Insecure Hash Functions • consider two simple insecure hash functions • bit-by-bit exclusive-OR (XOR) of every block • Ci = bi1 xor bi2 xor . . . xor bim • a longitudinal redundancy check • reasonably effective as data integrity check • one-bit circular shift on hash value • for each successive n-bit block • rotate current hash value to left by1bit and XOR block • good for data integrity but useless for security

  9. Hash Function Requirements

  10. Attacks on Hash Functions • have brute-force attacks and cryptanalysis • a preimage or second preimage attack • find ys.t. H(y) equals a given hash value • collision resistance • find two messages x & ywith same hash so H(x) = H(y) • hence value 2m/2 determines strength of hash code against brute-force attacks • 128-bits inadequate, 160-bits suspect

  11. Birthday Attacks • might think a 64-bit hash is secure • but by Birthday Paradox is not • birthday attack works thus: • given user prepared to sign a valid message x • opponent generates 2m/2variations x’ of x, all with essentially the same meaning, and saves them • opponent generates 2m/2variations y’ of a desired fraudulent message y • two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox) • have user sign the valid message, then substitute the forgery which will have a valid signature • conclusion is that need to use larger MAC/hash

  12. Hash Function Cryptanalysis • cryptanalytic attacks exploit some property of alg so faster than exhaustive search • hash functions use iterative structure • process message in blocks (incl length) • attacks focus on collisions in function f

  13. Block Ciphers as Hash Functions • can use block ciphers as hash functions • using H0=0 and zero-pad of final block • compute: Hi = EMi [Hi-1] • and use final block as the hash value • similar to CBC but without a key • resulting hash is too small (64-bit) • both due to direct birthday attack • and to “meet-in-the-middle” attack • other variants also susceptible to attack

  14. Secure Hash Algorithm • SHA originally designed by NIST & NSA in 1993 • was revised in 1995 as SHA-1 • US standard for use with DSA signature scheme • standard is FIPS 180-1 1995, also Internet RFC3174 • nb. the algorithm is SHA, the standard is SHS • based on design of MD4 with key differences • produces 160-bit hash values • recent 2005 results on security of SHA-1 have raised concerns on its use in future applications

  15. Revised Secure Hash Standard • NIST issued revision FIPS 180-2 in 2002 • adds 3 additional versions of SHA • SHA-256, SHA-384, SHA-512 • designed for compatibility with increased security provided by the AES cipher • structure & detail is similar to SHA-1 • hence analysis should be similar • but security levels are rather higher

  16. SHA Versions

  17. SHA-512 Overview

  18. SHA-512 Compression Function • heart of the algorithm • processing message in 1024-bit blocks • consists of 80 rounds • updating a 512-bit buffer • using a 64-bit value Wt derived from the current message block • and a round constant based on cube root of first 80 prime numbers

  19. SHA-512 Round Function

  20. SHA-512 Round Function

  21. SHA-3 • SHA-1 not yet "broken” • but similar to broken MD5 & SHA-0 • so considered insecure • SHA-2 (esp. SHA-512) seems secure • shares same structure and mathematical operations as predecessors so have concern • NIST announced in 2007 a competition for the SHA-3 next gen NIST hash function • goal to have in place by 2012 but not fixed

  22. SHA-3 Requirements • replace SHA-2 with SHA-3 in any use • so use same hash sizes • preserve the online nature of SHA-2 • so must process small blocks (512 / 1024 bits) • evaluation criteria • security close to theoretical max for hash sizes • cost in time & memory • characteristics: such as flexibility & simplicity

  23. Summary • have considered: • hash functions • uses, requirements, security • hash functions based on block ciphers • SHA-1, SHA-2, SHA-3

More Related